Menu

Cookies – EU legislation

A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time.
Most browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like.

EUROPA websites must follow the Commission’s guidelines on privacy and data protection and inform users that cookies are not being used to gather information unnecessarily.

The ePrivacy directive – more specifically Article 5(3) – requires prior informed consent for storage ofor access to information stored on a user’s terminal equipment. In other words, you must ask users if they agreeto most cookies and similar technologies (e.g. web beacons, Flash cookies, etc.) before the site starts to use them.

For consent to be valid, it must be informed, specific, freely givenand must constitute a real indication of the individual’s wishes.

However, some cookies are exempt from this requirement. Consent is not required if the cookie is:

used for the sole purpose of carrying out the transmission of a communication,

and strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service.

Cookies clearly exempt from consent according to the EU advisory body on data protection- WP29pdf include:

user‑input cookies (session-id) such as first‑party cookies to keep track of the user’s input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases

authentication cookies, to identify the user once he has logged in, for the duration of a session

user‑centric security cookies, used to detect authentication abuses, for a limited persistent duration

multimedia content player cookies, used to store technical data to play back video or audio content, for the duration of a session

load‑balancing cookies, for the duration of session

user‑interface customisation cookies such as language or font preferences, for the duration of a session (or slightly longer)

third‑party social plug‑in content‑sharing cookies, for logged‑in members of a social network.